On Thu, 2015-08-20 at 00:54 +0200, Michael Ströder wrote:
Dmitri Pal wrote:
> On 08/19/2015 03:53 PM, Jakub Hrozek wrote:
> > On Wed, Aug 19, 2015 at 09:49:22PM +0530, Rajnesh Kumar Siwal wrote:
> > > Any suggested workaround?
> > You can use nss-pam-ldapd just for the hosts database and sssd for the
> > rest, you can use different views or different servers altogether for
> > public/private views.
> > btw this is the first time I've heard a request for hosts support in
> > sssd, so I don't think it's something that can be expected, unless
> > someone steps in and implements the maps.
> People usually use DNS for that and it is the recommended way of
> BTW if you want LDAP managed host entries you can use FreeIPA and
> comes with DNS to solve this issue.
But DNS is not subject to access control. Yes, I also already thought
making host entries visible only to specific hosts.
Hmm, access-control is the first good argument I've heard for
supporting hosts in LDAP as opposed to DNS[SEC]. Historically, we've
ignored the hosts map in SSSD because we reasoned that dnsmasq was a
better caching solution for hosts than LDAP. However, being able to
restrict what machines have access to the hosts is actually an
If you have a RHEL subscription, I'd encourage you to contact your
support representative to make a formal request for inclusion of the
hosts map in SSSD. If you do not, please file an RFE at
with this justification and upstream will
consider it for inclusion in a future release.
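
The split suggested earlier in the thread (nss-pam-ldapd for the hosts database only, SSSD for everything else), sketched as an added configuration example that is not from the thread or from either project. The server URI, base DNs, CA path and bind identity are constructed placeholders, and binding as a per-host identity is an assumption about how the access control mentioned above would be enforced by the LDAP server.

```conf
# ---- /etc/nsswitch.conf ----
# Identity maps stay with SSSD (the "sss" NSS module).
passwd:     files sss
shadow:     files sss
group:      files sss
netgroup:   files sss
# Only the hosts database is sent to nslcd (the "ldap" NSS module
# shipped by nss-pam-ldapd). Local files are consulted first and DNS
# last, so LDAP-only host entries resolve without being published in DNS.
hosts:      files ldap dns

# ---- /etc/nslcd.conf ----
# Keep this file readable by root only (mode 0600): it holds a bind password.
uri ldaps://ldap.example.com/
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/example-ca.pem

# Default search base, plus a dedicated base for the hosts map.
base dc=example,dc=com
base hosts ou=hosts,dc=example,dc=com

# Assumption: each client binds as its own machine entry, so the
# directory server's ACLs can decide which host entries this client
# is allowed to read. An anonymous bind would give every client the
# same view, which is the situation with plain DNS.
binddn cn=client01,ou=machines,dc=example,dc=com
bindpw REPLACE_WITH_HOST_SECRET
```

After restarting nslcd, `getent hosts <name>` for an entry that exists only in LDAP shows whether the lookup and the server-side access rules behave as intended for that client.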